You can’t navigate the maze of regulation and compliance without a detailed roadmap.

• Think information rather than systems. It’s important to manage structured and unstructured data, including chat and IM streams, Skype, social media, clouds, and mobile devices and data.

• Focus on authentication. Identity management is a key to success in the GRC arena. Multifactor authentication, device identification and transaction monitoring are all increasingly crucial to GRC.

• Automate key processes. The ability to automate regulatory and policy mapping goes a long way toward reducing risk. Experts say it’s important to build systems and processes that address the full spectrum of issues, including privacy.

• Make GRC a business proposition rather than an IT plan. The end goal is to measure and address risk. The best GRC applications cannot replace well-conceived processes and policies. What’s more, it’s critical to separate IT risks from business risks.

• Consolidate systems and efforts. There should be a single point of governance for GRC. Too often, organizations wind up with a tangle of initiatives managed by different managers. An organization might consider appointing a risk manager to oversee all IT and business initiatives and reduce costs.